
What Are the Advantages and Disadvantages of an Intrusion Detection System?

Jonathan Lister

Intrusion detection systems for computers provide comprehensive defense against identity theft, information mining, and network hacking.

Identity theft is the fastest-growing white-collar crime in the United States.

Big businesses and government agencies employ such software to keep information and accounts safe, as well as to monitor the network activities of employees to ensure on-site facilities are not being misused. But for all the advantages, intrusion detection systems are hampered by an inability to tell malicious activity from accidental or lawful activity, and they may lock down a network, causing loss of work and revenue.

Constant Network Monitoring

Intrusion detection systems constantly monitor a given computer network for invasion or abnormal activity. The advantage of this service is the "round-the-clock" aspect, in that the system is protected even while the user is asleep or otherwise away from any computer hooked up to the network. User information, access to the network, and firewall measures are all actively updated and looked after by intrusion detection systems.

Versatility of the System

Intrusion detection systems are highly customizable to accommodate specific client needs. This allows users to custom-build network security to monitor highly individualized activity, from overt attacks on the network to suspicious or specific patterns of activity that may be a masquerade attempt to penetrate system security from outside the network, or perhaps the work of someone inside the security network. Through customization, the system can monitor both outside threats to a given network and patterns of behavior that may be threats operating within the system.

Telling Threat From Friend

The main disadvantage of intrusion detection systems is their inability to tell friend from foe. Users inside the system may have harmless activity flagged by the intrusion detection system, resulting in a lockdown of the network for an undetermined period of time until a technical professional can be on-site to identify the problem and reset the detection system. To a business dependent on swift action for deadline-oriented material, this can cause a drastic loss of revenue and client confidence, as partners may take business elsewhere to a company with a more reliable network.
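The friend-or-foe problem above, and the customization described under "Versatility of the System", can be seen in a small detection rule. This is an added example, not part of the original article: the events, addresses, thresholds and function names are all constructed for illustration.

```python
from collections import Counter

# Constructed sample login events (not real logs): (source, user, outcome).
EVENTS = (
    # Outside host failing against many different accounts.
    [("203.0.113.7", f"user{i}", "fail") for i in range(8)]
    # Employee repeatedly mistyping a recently changed password.
    + [("10.0.0.21", "alice", "fail")] * 5
    + [("10.0.0.21", "alice", "ok")]
    + [("10.0.0.34", "bob", "ok")]
)


def naive_rule(events, threshold=5):
    """Flag any source with at least `threshold` failed logins."""
    fails = Counter(src for src, _, outcome in events if outcome == "fail")
    return {src for src, count in fails.items() if count >= threshold}


def tuned_rule(events, threshold=5, min_distinct_users=3):
    """Flag a source only if its failures also span several accounts.

    The extra condition is a hypothetical customization: one person
    fumbling their own password touches a single account, while guessing
    across the user base touches many.
    """
    fails = Counter()
    users_tried = {}
    for src, user, outcome in events:
        if outcome == "fail":
            fails[src] += 1
            users_tried.setdefault(src, set()).add(user)
    return {
        src
        for src, count in fails.items()
        if count >= threshold and len(users_tried[src]) >= min_distinct_users
    }


if __name__ == "__main__":
    # The naive rule flags the employee's workstation as well as the outside host.
    print("naive:", sorted(naive_rule(EVENTS)))
    # The tuned rule flags only the outside host.
    print("tuned:", sorted(tuned_rule(EVENTS)))
```

The tuned rule removes the false alarm on the employee's workstation, but it would also miss repeated guessing against a single account, so each customization trades fewer false alarms against a narrower view of real threats.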